Skip to main content
CVE-2018-19370 MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure PHP Yoast Seo
NVD GitHub
CVSS 3.0
6.6
EPSS
3.2%
CVE-2018-14629 MEDIUM POC PATCH This Month

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
5.2%
CVE-2018-19621 MEDIUM POC This Month

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Showdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-18203 MEDIUM POC This Month

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack RCE Starlink 2017 Firmware Starlink 2018 Firmware Starlink 2019 Firmware
NVD GitHub
CVSS 3.0
6.4
EPSS
0.2%
CVE-2018-19630 MEDIUM POC This Month

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lede Openwrt
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17156 MEDIUM POC This Month

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Freebsd
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-5559 MEDIUM POC This Month

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Komand
NVD
CVSS 3.0
4.9
EPSS
0.6%
CVE-2018-19620 MEDIUM POC PATCH This Month

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-19651 MEDIUM This Month

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Email Marketer
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-5916 MEDIUM This Month

Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware +33
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16851 MEDIUM PATCH This Month

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-16841 MEDIUM PATCH This Month

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Samba Ubuntu Linux +1
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2018-16857 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-16853 MEDIUM This Month

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Samba
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-1584 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16852 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba
NVD
CVSS 3.0
4.4
EPSS
2.2%
CVE-2018-12123 MEDIUM PATCH This Month

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
4.3
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy